CVE-2020-1893
First published: Tue Mar 03 2020(Updated: )
Credit: cve-assign@fb.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Facebook HHVM | <4.8.7 | |
| Facebook HHVM | >=4.9.0<=4.32.0 | |
| Facebook HHVM | >=4.33.0<=4.38.0 | |
| Facebook HHVM | =4.39.0 | |
| Facebook HHVM | =4.40.0 | |
| Facebook HHVM | =4.41.0 | |
| Facebook HHVM | =4.42.0 | |
| Facebook HHVM | =4.43.0 | |
| Facebook HHVM | =4.44.0 | |
| Facebook HHVM | =4.45.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2020-1893?
CVE-2020-1893 is a vulnerability in HHVM that allows reading out of bounds memory when decoding JSON, potentially leading to denial of service (DOS) attacks.
Which versions of HHVM are affected by CVE-2020-1893?
HHVM versions 4.45.0, 4.44.0, 4.43.0, 4.42.0, 4.41.0, 4.40.0, 4.39.0, and all versions between 4.9.0 and 4.38.0 (inclusive) are affected by CVE-2020-1893.
What is the severity of CVE-2020-1893?
CVE-2020-1893 has a severity rating of 7.5, which is considered high.
How can CVE-2020-1893 be exploited?
CVE-2020-1893 can be exploited by sending specially crafted JSON data to the vulnerable HHVM server, triggering the out-of-bounds memory read.
Is there a security update available to fix CVE-2020-1893?
Yes, a security update is available for HHVM to address CVE-2020-1893. It is recommended to update to a patched version of HHVM as soon as possible.
- collector/nvd-index
- vendor/facebook
- product/hhvm
- canonical/facebook hhvm